Host computer intrusion detection method based on inherent subsequence pattern decomposition

A technology for intrusion detection and pattern decomposition, applied in the field of computer security devices, instruments and electrical digital data processing, which addresses the problems that existing intrusion detection cannot be applied universally, that a process's Native API call sequence is complicated, and that prior methods are difficult to apply in practice.

Active Publication Date: 2011-05-11
四川电子科技大学教育发展基金会

AI Technical Summary

Problems solved by technology

[0052] This method involves a large amount of calculation: building the first-order and second-order models, computing their parameters, and training and constructing models from normal data are all very complicated, so it is difficult to apply in practice.
Moreover, this method only considers the relationship between two consecutive steps of a process's Native API calls, whereas the real Native API call process is far more complex; a model that captures only the relationship between two consecutive calls cannot adequately describe the complex sequence of Native API calls a process makes in a real operating environment.
Therefore, this method is only applicable to the detection of certain intrusions and cannot be applied generally to intrusion detection in real-time environments.


Embodiment Construction

[0078] The present invention is further described below in conjunction with embodiment.

[0079] 1. Windows Native API

[0080] Windows has two modes, user mode and kernel mode. User applications run in user mode, while system programs run in kernel mode. The important difference between the two modes is that they have different privilege levels for accessing files, memory and the CPU; kernel mode is more privileged than user mode. Even if a serious error occurs in a user application, it will not have much impact on the system as a whole, so the operating system keeps running normally.

[0081] An API is an interface function, exported from a dynamic link library, through which the Windows operating system provides system services to users; it runs in either user mode or kernel mode. APIs that run in kernel mode are Native APIs, the interface functions of kernel-level system services in the dynamic link library. The Native API is very different from ...


Abstract

The invention discloses a host computer intrusion detection method based on natural (inherent) subsequence pattern decomposition. The method includes the following steps: (1) defining rules; (2) obtaining Windows Native API data sequences, decomposing normal process sequences into sets of natural subsequence patterns, and then layering those patterns according to their support degree; (3) decomposing a suspect sequence into a plurality of layers, each containing natural subsequence patterns with similar support degrees; (4) matching the normal process sequences against the suspect sequence layer by corresponding layer, calculating an abnormality degree from the number of matches, and judging whether the suspect sequence is abnormal. The method overcomes the disadvantages of the prior art and can accurately and effectively identify both current attacks and newly emerging attacks.
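The four-step procedure in the abstract, as an added example that is not the patent's own code: it decomposes constructed Native API call traces into fixed-length subsequence patterns, layers them by support, and scores a suspect trace layer by layer. The support definition (share of all windows), the layer thresholds, the per-layer weights and the 0.3 decision threshold are assumptions, since the page does not give the patent's exact rules or scoring formula.

```python
from collections import Counter
from typing import Dict, List, Sequence, Tuple

Mode = Tuple[str, ...]  # one inherent subsequence pattern (a length-k window of API names)

# Constructed sample traces of normal processes (not data from the patent).
NORMAL_TRACES: List[List[str]] = [
    ["NtOpenFile", "NtReadFile", "NtClose", "NtOpenFile", "NtReadFile", "NtClose"],
    ["NtOpenFile", "NtReadFile", "NtReadFile", "NtClose"],
    ["NtOpenFile", "NtReadFile", "NtClose", "NtOpenFile", "NtWriteFile", "NtClose"],
]
# Assumed layering rule: layer 0 holds patterns with support >= 0.25, layer 1 >= 0.15,
# layer 2 everything rarer. Assumed weights: a miss in a high-support layer counts more.
THRESHOLDS = (0.25, 0.15)
LAYER_WEIGHTS = (3.0, 2.0, 1.0)


def modes_with_support(traces: Sequence[Sequence[str]], k: int) -> Dict[Mode, float]:
    """Step 2: decompose traces into length-k patterns; support = share of all windows."""
    counts = Counter()
    for trace in traces:
        counts.update(tuple(trace[i:i + k]) for i in range(len(trace) - k + 1))
    total = sum(counts.values())
    return {m: c / total for m, c in counts.items()} if total else {}


def layer_of(support: float) -> int:
    """Map a support value to its layer index (0 = most frequent)."""
    for i, threshold in enumerate(THRESHOLDS):
        if support >= threshold:
            return i
    return len(THRESHOLDS)


def layered_modes(traces: Sequence[Sequence[str]], k: int) -> Dict[Mode, int]:
    """Steps 2/3: pattern -> layer, for the normal model or for one suspect trace."""
    return {m: layer_of(s) for m, s in modes_with_support(traces, k).items()}


def abnormal_degree(normal: Dict[Mode, int], suspect: Sequence[str], k: int = 3) -> float:
    """Step 4: weighted share of the suspect's patterns absent from the normal model."""
    weighted_total = weighted_unmatched = 0.0
    for mode, layer in layered_modes([suspect], k).items():
        weight = LAYER_WEIGHTS[layer]
        weighted_total += weight
        if mode not in normal:  # no normal layer contains this pattern
            weighted_unmatched += weight
    return weighted_unmatched / weighted_total if weighted_total else 0.0


def is_abnormal(normal: Dict[Mode, int], suspect: Sequence[str], threshold: float = 0.3) -> bool:
    return abnormal_degree(normal, suspect) >= threshold
```

A trace shorter than k yields no patterns and scores 0.0, so a caller should treat such traces as "insufficient data" rather than as normal.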

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to a host intrusion detection method.

Background technique

[0002] The development of computer networking technology has changed the computing model once dominated by stand-alone computers. However, the risks and opportunities for network intrusion have correspondingly increased dramatically. Designing security measures that prevent unauthorized access to system resources and data is a very important and urgent problem in the field of network security. Intrusion detection is a network security technology that emerged and developed against this background. Specifically, intrusion detection monitors the operating status of a network system and detects and discovers attack attempts, attack behaviors and attack results, so as to ensure the confidentiality, integrity and availability of system resources. Intrusion detection technology is mainly divided into two categorie...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/24, G06F21/00, G06F21/55
Inventors: 朱莺嘤, 叶茂, 赵欣, 李丽娟, 孟喜
Owner: 四川电子科技大学教育发展基金会